Ravikanth's Blog

Happenings around Me

Disclaimer

India MVP Blogs

Mugh blogs

My

My Favorites

My Network Places

December 2007 - Posts

Certified Six Sigma Plus Green Belt Professional

Today in Honeywell, I was awarded with Six Sigma Plus Green Belt certificate. This certificate acknowledges the technical expertise and application experience necessary to effectively achieve Six Sigma Quality.

For more details click here

 

Difference between focusing on problems and focusing on solutions


Case 1 :
When NASA began the launch of astronauts into space, they found out that the pens wouldn't work at zero gravity (ink won't flow down to the writing surface). To solve this problem, it took them one decade and $12 million. They developed a pen that worked at zero gravity, upside down, underwater, in practically any surface including crystal and in a temperature range from below freezing to over 300 degrees C. And what did the Russians do...?? They used a pencil.
 
Case 2 :
One of the most memorable case studies on Japanese management was the case of the empty soapbox, which happened in one of Japan's biggest cosmetics companies. The company received a complaint that a consumer had bought a soapbox that was empty. Immediately the authorities isolated the problem to the assembly line, which transported all the packaged boxes of soap to the delivery department. For some reason, one soapbox went through the assembly line empty. Management asked its engineers to solve the problem. Post-haste, the engineers worked hard to devise an X-ray machine with
high-resolution monitors manned by two people to watch all the soapboxes that passed through the line to make sure they were not empty. No doubt, they worked hard and they worked fast but they spent a whoopee amount to do so. 

But when a rank-and-file employee in a small company was posed with the same problem, he did not get into complications of X-rays, etc., but instead came out with another solution. He bought a strong industrial electric fan and pointed it at the assembly line. He switched the fan on, and as each soapbox passed the fan, it simply blew the empty boxes out of the line.
 
The above 2 cases might be good examples for Root Cause Analysis(Find & remediate the root cause instead of addressing the symptoms)

Business Rules implementation techniques - Which one is better?

Business rules in client web pages(away from data)

==================================
  • Developers tend to do this. But for a change in business rule, Need to recompile and redeploy the web applications.
  • Eventually, If you expose data through web service your application cannot make sure who is going to access which data, because web service consuming application will write their own set of business rules.
  • Data is in your hand but business rules are not in your control, every other consuming application will implement their own rules.
  • Managing/Maintaining business rules across different applications is difficult.
  • Change in business rule needs to be replicated in all the consuming applications.

Business rules in back end stored procedures(along with data)

============================================
  • Simple to include a change in business rule.
  • No need to recompile.
  • If you expose data through web service, your application can make decisions who is going to access which data, not the consuming application.
  • Data as well as business rules are in your control.
  • Change in business rule needs a change at one place.

 The above said points are valid & true for authorization rules and security rules also.

Please comment if you have any other thoughts.

2008 security predictions

2008 Security Predictions

The 2008 Olympics is likely to spur a flurry of hacker activity, says Websense Inc, which specializes in web filtering and security software, releasing the top ten computer security threats for 2008. The top 10 security threats are:

 

 

1. Olympics -- new cyber attacks, phishing and fraud

Event-based attacks and scams are popular, and with the whole world watching, the 2008 Olympics may fuel a surge in cyberattacks. As the Olympic torch burns, Websense researchers predict the possibility of large scale denial-of-service (DoS) attacks on Beijing Olympic-related sites as political statements and fraud attempts through email and the Web surrounding the Olympics. Additionally, Websense predicts compromises of popular Olympic news or other sports sites -- attacks designed to install malicious code on end-users' machines and steal personal or confidential business information.

2. Malicious SPAM invades blogs, search engines, forums and Web sites

Websense predicts that hackers will increasingly use Web spam to post URLs to malicious sites within forums, blogs, in the commentary or "talk-back" sections of news sites and on compromised Web sites. This activity not only drives traffic to the infected Web sites but also assists in the purveyor's site sitting higher on search engine rankings, increasing the risk that users will visit the site.

3. Attackers use Web's 'weakest links' to launch attacks

The Web is an entanglement of links and content. The advent of Web 2.0 additions such as Google Adsense, mash-ups, widgets, and social networks along with the massive amounts of Web advertisements linked to Web pages have increased the likelihood of 'weak links' -- or Web sites and content that are vulnerable to compromises. Websense predicts that attackers will increasingly exploit the weakest links within the Web infrastructure in order to target the greatest number of Internet users. Most vulnerable to these attacks are search engines and large user networks such as MySpace, Facebook or other social networking sites.

4. Number of compromised Web sites will surpass number of created malicious sites

The Web as an attack vector has been steadily increasing for the last five years and now attackers are using compromised sites as their launching platforms -- even more than their own created sites. Compromising sites -- particularly, sites well-visited by end-users, such as the Dolphin Stadium attack that occurred a few days prior to the 2007 Super Bowl XLI in Miami, provides attackers with built-in Web traffic and minimizes the need for lures through email, instant messaging or Web posts.

5. Cross-platform Web attacks -- Mac, iPhone popularity spurs increase

With the brand popularity and growing use of iPhones and Macintosh computers, Websense researchers predict attackers will increasingly launch cross-platform Web attacks that detect the operating system in use and serve up code specifically targeting that operating system instead of attacks based on just the Web browser. Operating systems that are targeted now include Mac OSX, iPhone, and Windows.

6. Rise in targeted Web 2.0 special interest attacks -- hackers targeting specific groups of people based on interests and profile

Web 2.0 has spawned a proliferation of Web users that visit chat rooms, social networking sites, and special interest Web sites such as travel sites, automotive, and more. These sites provide attackers with potential victims that fall within a certain age group, wealth bracket, or people with particular purchasing habits. In 2008, Websense researchers predict targeted attacks will rise toward specific social networking or special interest sites that have a higher probability of delivering a payoff.

7. Morphing JavaScript to evade anti-virus scanners

Hackers are upping the ante with evasion techniques that use poly-morphic JavaScript (Polyscript) -- which means that a uniquely-coded Web page is served up for each visit by a user to a malicious Web site. By changing the code every visit, signature-based security scanning technologies have difficulty detecting Web pages as malicious and hackers can extend the length of time their malicious site evades detection.

8. Data concealment methods increase in sophistication

Websense predicts an increased use of crypto-virology and sophistication in data concealment including the use of stenography, embedding data within standard protocols, and potentially within media files. Toolkits widely available on the Web will be used to embed proprietary information and steal data.

9. Global law enforcement will crack down on key hacker groups and individuals

In 2007, large-scale Internet-based attacks garnered the attention of law enforcement officials around the world. Websense anticipates that through the global cooperation of enforcement agencies, in 2008 the biggest crackdown and arrests of key members of a hacker group will occur.

10. Vishing and voice spam will combine and increase

The vast cell phone user population has grown into a lucrative market to exploit with spamming and "vishing" for financial gain. To date, researchers have seen an increased number of vishing attacks but not a lot of spam -- or pro-active automated calling. In 2008 Websense predicts that "vishing," or the practice of using social engineering and Voice over IP (VoIP) to gain personal and financial information and voice spam will combine and increase -- users will receive automated voice calls on LAN lines with voice spam to lure them to input their credentials through the telephone.

More Posts